
Merge branch 'bugfix/wpa2_fixes' into 'master'

wpa2_enterprise fixes from Github

See merge request idf/esp-idf!3166
Jiang Jiang Jian 7 жил өмнө
parent
commit
9b566a8965

+ 1 - 1
components/wpa_supplicant/port/include/os.h

@@ -270,7 +270,7 @@ char * ets_strdup(const char *s);
 #ifdef _MSC_VER
 #define os_snprintf _snprintf
 #else
-#define os_snprintf vsnprintf
+#define os_snprintf snprintf
 #endif
 #endif
 
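Review bot: Switching the macro from `vsnprintf` to `snprintf` changes the calling convention for every existing `os_snprintf` user, so any call site written against the old definition that passes a `va_list` would now format garbage; none is visible on this page, so the component should be searched for such callers. The `_MSC_VER` branch above still maps to `_snprintf`, which does not NUL-terminate on truncation and returns a negative value rather than the would-be length, so the two branches do not share one contract. A comment on the macro would pin the contract down: `/* snprintf semantics: returns would-be length; ret >= size means truncated */`.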

+ 11 - 0
components/wpa_supplicant/src/wpa2/eap_peer/eap.c

@@ -300,6 +300,17 @@ struct wpabuf * eap_sm_build_nak(struct eap_sm *sm, EapType type, u8 id)
 	}
 
 	for (m = methods; m; m = m->next) {
+		//do not propose insecure unencapsulated MSCHAPv2 as Phase 1 Method
+		if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_MSCHAPV2)
+			continue;
+
+		//do not propose EAP_TYPE_TLS if no client cert/key are configured
+		if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_TLS) {
+			struct eap_peer_config *config = eap_get_config(sm);
+			if (config == NULL || config->private_key == 0 || config->client_cert == 0)
+				continue;
+		}
+
 		if (type == EAP_TYPE_EXPANDED) {
 			wpabuf_put_u8(resp, EAP_TYPE_EXPANDED);
 			wpabuf_put_be24(resp, m->vendor);
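Review bot: With both filters in place the loop can skip every entry in `methods`, and the code after the loop is outside this hunk, so it is not visible whether the NAK then carries an explicit "no alternative" value or goes out with an empty method list; that should be confirmed. The MSCHAPv2 filter only shapes what the peer proposes, while the actual refusal lives in the `eap_mschapv2.c` change of this commit, so a comment here pointing at that guard would keep the two from drifting apart. Smaller points: `eap_get_config(sm)` is loop-invariant and can be fetched once before the `for`, and, assuming the two fields are pointers, the test reads better as `if (config == NULL || config->private_key == NULL || config->client_cert == NULL)`.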

+ 5 - 0
components/wpa_supplicant/src/wpa2/eap_peer/eap_mschapv2.c

@@ -95,6 +95,11 @@ static void *
 eap_mschapv2_init(struct eap_sm *sm)
 {
 	struct eap_mschapv2_data *data;
+
+	//Do not init insecure unencapsulated MSCHAPv2 as Phase 1 method, only init if Phase 2
+	if(!sm->init_phase2)
+		return NULL;
+
 	data = (struct eap_mschapv2_data *)os_zalloc(sizeof(*data));
 	if (data == NULL)
 		return NULL;
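Review bot: The early `return NULL` is indistinguishable from the `os_zalloc` failure a few lines below, so a network that offers bare MSCHAPv2 will fail with no trace of why. A log line before the return would make the policy visible, for example `wpa_printf(MSG_INFO, "EAP-MSCHAPV2: refused outside a tunnel (Phase 2 only)");` if `wpa_printf` is the helper this file already uses. The guard also depends on the tunnelled methods setting `sm->init_phase2` before they call this init function; that code is not in this diff and should be checked, otherwise inner MSCHAPv2 would be refused as well. The function body continues past the end of the hunk.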

+ 2 - 4
components/wpa_supplicant/src/wpa2/tls/x509v3.c

@@ -543,8 +543,7 @@ void x509_name_string(struct x509_name *name, char *buf, size_t len)
 	end = buf + len;
 
 	for (i = 0; i < name->num_attr; i++) {
-		//ret = os_snprintf(pos, end - pos, "%s=%s, ",
-		ret = sprintf(pos, "%s=%s, ",
+		ret = os_snprintf(pos, end - pos, "%s=%s, ",
 				  x509_name_attr_str(name->attr[i].type),
 				  name->attr[i].value);
 		if (ret < 0 || ret >= end - pos)
@@ -560,8 +559,7 @@ void x509_name_string(struct x509_name *name, char *buf, size_t len)
 	}
 
 	if (name->email) {
-		//ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
-		ret = sprintf(pos, "/emailAddress=%s",
+		ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
 				  name->email);
 		if (ret < 0 || ret >= end - pos)
 			goto done;
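Review bot: Both writes are now bounded by `end - pos`, but truncation is silent: on `ret >= end - pos` the code jumps to `done`, which lies outside these hunks, so it cannot be confirmed from this page that the buffer is always NUL-terminated there, in particular on the `_MSC_VER` build where `_snprintf` does not terminate on truncation. The attribute values and e-mail string originate from the peer's certificate, so callers that compare or display the result need to know it may be cut short; once verified, a header comment on `x509_name_string` such as `/* output is truncated to fit len and always NUL-terminated */` would record that. The `%s` conversion also stops at the first NUL in `name->attr[i].value`, so it is worth confirming that the parser rejects embedded NULs before a name reaches this function.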